I'm not sure if it's my inexperience, but I downloaded https://github.com/CycloneDX/sbom-utility/releases/download/v0.18.1/sbom-utility-v0.18.1-linux-amd64.tar.gz and tried to validate my cyclonedx 1.7 BOM and your example BOM changed to 1.7 but got no support. Even schema list shows no cdx1.7 as you stated in #140 as solved. A cdx1.6 works fine:
```
user@myhost:~/scripts/sbom-utility-v0.18.1$ ./sbom-utility schema list -q
name              variant   format     version  file                                      url
----              -------   ------     -------  ----                                      ---
CycloneDX v1.6.1  (latest)  CycloneDX  1.6      schema/cyclonedx/1.6/bom-1.6.schema.json  https://raw.githubusercontent.com/CycloneDX/specification/master/schema/bom-1.6.schema.json
CycloneDX v1.5    (latest)  CycloneDX  1.5      schema/cyclonedx/1.5/bom-1.5.schema.json  https://raw.githubusercontent.com/CycloneDX/specification/master/schema/bom-1.5.schema.json
```
executing the command:
```
user@myhost:~/scripts/sbom-utility-v0.18.1$ ./sbom-utility validate -i example-cdx1.7-juice-shop-11.1.2-sbom.json
Welcome to the sbom-utility! Version 'v0.18.1' (sbom-utility) (linux/amd64)
===========================================================================
[INFO] Loading (embedded) default schema config file: 'config.json'...
[INFO] Loading (embedded) default license policy file: 'license.json'...
[INFO] Attempting to load and unmarshal data from: 'example-cdx1.7-juice-shop-11.1.2-sbom.json'...
[INFO] Successfully unmarshalled data from: 'example-cdx1.7-juice-shop-11.1.2-sbom.json'
[INFO] Determining file's BOM format and version...
[ERROR] schema not supported: schema version not found in configuration: Schema Format: 'CycloneDX', Version: '1.7', Variant: ''
[INFO] document 'example-cdx1.7-juice-shop-11.1.2-sbom.json': valid=[false]
```
and tried to give new schema:
```
user@myhost:~/scripts/sbom-utility-v0.18.1$ ./sbom-utility validate -i example-cdx1.7-juice-shop-11.1.2-sbom.json --config-schema bom-1.7.schema.json
Welcome to the sbom-utility! Version 'v0.18.1' (sbom-utility) (linux/amd64)
===========================================================================
[INFO] Loading schema config file: 'bom-1.7.schema.json'...
[INFO] Loading (embedded) default license policy file: 'license.json'...
[INFO] Attempting to load and unmarshal data from: 'example-cdx1.7-juice-shop-11.1.2-sbom.json'...
[INFO] Successfully unmarshalled data from: 'example-cdx1.7-juice-shop-11.1.2-sbom.json'
[INFO] Determining file's BOM format and version...
[ERROR] format not supported: unknown format ('example-cdx1.7-juice-shop-11.1.2-sbom.json')
[INFO] document 'example-cdx1.7-juice-shop-11.1.2-sbom.json': valid=[false]
```
Thanks a lot for your work.